- Join Date
- Jul 2005
Firewall distribution recommendation please
Can you recommend one that matches at least the must-haves below?
- Must be a distribution designed to be a hardened firewall on a dedicated PC (not a firewall implemented using a "generic distribution").
- Must support multiple zones (one network card per zone), preferably 4 or 5.
- Must allow defining firewall rules as follows:
--- Able to (or even default to) stopping all traffic except management.
--- Able to define rules either inbound or outbound (in other words I might want to block HTTP outbound).
--- Able to define both the source and destination for a rule as an IP (i.e.: 192.168.1.5), a subnet (i.e.: 192.168.1.0/24), or a domain (i.e.: microsoft.com - for those pesky update sites that keep changing their IP addresses).
- Have a relatively easy to use management interface, preferably one that can be used in Linux and Windows.
- It must be solid and stable enough to run for months without reboot... easy one with Linux.
- Must be free
- Auto-update feature, in case they issue security patches on any of the Linux components that the firewall depends on. I can probably live without this if no firewall has it.
- It would be extremely nice if it was possible to distinguish or separately log packets that were blocked by "explicit rules" versus rules that basically say "block anything that I did not explicitly authorize". Even better if the "anything else" logs were routinely emailed to the administrator for analysis.
Thank you for reading this far.
- Join Date
- May 2005
Hmmm. Well, that's quite a list for a free firewall. You may have a hard time getting all of them, but almost all of them are available in IPCop: http://www.ipcop.org/ I use it and find it one of the better ones I have tried. My biggest complaint is the use of a color scheme to denote the interfaces, which I suppose is to help everyday users but makes me crazy (i.e. Red = External Interface, Green = Internal, Orange = DMZ, Blue = WLAN, or just use as another DMZ), that and the fact that out of the box you can only use these four interfaces (NICs). There are addons available as well. One CD, you install on a PC / server with no OS on it, run an X config program and once done can manage from a browser etc.
You can try smoothwall, it has all those things, but can't handle 4, 5 zones (it has red and green out of box), but they're working on it. I don't know about the auto-email thing, but if you add the Guardian addon, then it will become a proactive firewall.
Another one is the Mandrake Multinetwork firewall, you can download it here. It has most, if not all, the features you are asking for (it has been a long time since I checked what the latest version has).
Both of these firewalls can be managed by any computer on the local network, be they Linux, Windows, Mac etc.
Life is complex, it has a real part and an imaginary part.
- Join Date
- Sep 2005
You want OpenBSD.
I found it easier to learn than Linux. Man pages are complete and up to date, including basic configuration examples.